Security update: Change to enforce TLS protocols postponed

Rob Blau
●
Jan 22, 2019

We have been monitoring the usage of older TLS protocols, and while most Shotgun sites have little to no problematic traffic, we still see significant traffic that would be blocked by this change on some sites. To try and make this transition as painless for you as possible, we've decided to postpone the requirement of TLSv1.2.

The new target date for the change is Tuesday, April 2nd, 2019.

The extra time will allow studios who have not been able to update on the current timeline some more time to roll out changes before they start seeing errors when using tools with Shotgun integration.

Unfortunately, while we can see how much traffic a site sees for older protocols, we do not have the information needed to know what host that traffic originates from or what user/script in Shotgun the traffic is associated with. In order to make it more apparent what will break as a result of this change, we will be scheduling a series of "brownouts", where for a known window of time we will require TLSv1.2. More information about this schedule will be published soon.

Also, as a reminder, clients who are running local installs of Shotgun will not be affected by this change.

Thanks to everyone who has put in effort to be ready for this change. We take security very seriously and want to make sure we're working with you to enforce best practices while causing as little impact to your business as possible. As always, if you have any questions or concerns, just email us at support@shotgunsoftware.com.

Full information about the change is available on our support site here.